Exploit Targeting Unpatched Word Vulnerability Spotted
Friday February 9, 2007 at 12:28 pm CST
Posted by Craig Schmugar
On the heels of my Zero-Day Excels Over Word blog, McAfee Avert Labs is currently investigating a new Word exploit. Preliminary analysis shows that this is a different issue than those referenced in my last blog:
This new exploit may be somehow related to MS06-027, and the DAT files have proactively detected this new threat as a variant of Exploit-MS06-027 since June 2006. This threat appears to exploit Word 2000. Again, this is preliminary analysis. We are working with Microsoft to confirm the history of this vulnerability and will update the blog when we have more information.
Like many of the recent Word exploits, this appears to have been used in a very limited and targeted attack.
Update Feb 9, 1:30pm
Microsoft has acknowledged this issue. They state that it is limited to a Denial of Service attack on Word 2000 and that code execution is not possible.
Denial of Service is clearly not as critical as other recent issues. Looks like this targeted attack was flawed.
Update Feb 14, 4:30pm
Further analysis shows this is likely not limited to denial of service. See Exploit Targeting Unpatched Word Vulnerability Spotted (Follow-up)

February 14th, 2007 at 16:29
[...] A few days ago I blogged about a new Word vulnerability that was used in a targeted attack (I know, it’s hard to keep these straight). Later that day Microsoft stated that the vulnerability was limited to denial of service, rather than remote code execution, and the blog was updated accordingly. [...]
February 15th, 2007 at 11:19
[...] Yesterday's 12 security bulletins cover a total of 20 vulnerabilities. Of these vulnerabilities, 13 are considered critical by Microsoft because they allow remote code execution. McAfee Avert Labs worked with Microsoft to responsibly disclose and release the patch for the MS07-015 vulnerability (CVE 2007 – 0871) in Excel (for details see http://www.avertlabs.com/research/blog/?p=199). [...]
May 22nd, 2007 at 14:31
[...] Anti-virus vendor McAfee first flagged this issue on February 9 but, at the time, it was listed as a simple denial-of-service bug that crashed the word processing program. In other words, a failed exploit attempt. Further investigations have confirmed that code-execution is possible. [...]